# Set the root account's password from the builder_rootpw variable.
# NOTE(review): the user module stores password= as given, so builder_rootpw
# should hold a crypt(3) hash rather than a plaintext password, and should be
# defined in a private vars source - confirm where it comes from.
- name: set root passwd
  action: user name=root password=$builder_rootpw state=present

# Create the mock system account with a fixed uid (425) and home /var/lib/mock.
- name: add mock user as 425
  action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
# 2775 = setgid plus group-writable: members of group mock can create and
# rename entries directly inside mock's home directory.
# NOTE(review): sshd's StrictModes check rejects authorized_keys when the home
# directory is group-writable, so key login as mock would only work with
# StrictModes disabled in the deployed sshd_config - and with it disabled,
# group members could replace the .ssh directory. Confirm which case applies.
- name: make mock homedir 2775
  action: file state=directory path=/var/lib/mock mode=2775 owner=mock group=mock
# .ssh itself is private to the mock user (700).
- name: add mock ssh dir
  action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
# The accepted public keys come from the kojibuilder files tree; mode 644
# leaves the list world-readable and writable only by mock.
- name: add mock ssh keys
  action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock

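# ftpsync system group and user share the fixed id 263.
- name: add ftpsync group
  action: group name=ftpsync gid=263 system=yes state=present

# NOTE(review): the home directory sits under world-writable /var/tmp;
# confirm it is created by this task and ends up owned by ftpsync.
- name: add ftpsync user
  action: user name=ftpsync uid=263 group=ftpsync system=yes home=/var/tmp/ftpsync createhome=yes state=present

# Mode 555 clears the write bits, but ftpsync owns the file and can chmod it
# back.
# NOTE(review): if this script is ever run by root or through the ftpsync
# sudo rule, owner=root would stop the account from editing what gets
# executed - confirm how it is invoked.
- name: add the ftpsync update-fullfilelist script
  action: copy src=$files/releng/update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555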

# masher group with fixed gid 751.
- name: add masher group
  action: group name=masher gid=751 system=yes state=present
# masher user, uid 751, primary group masher, also a member of mock and
# ftpsync. No state= or system= is passed here, so the module defaults apply.
- name: add masher user as 751 - and group
  action: user name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync
# masher ssh directory, public key and client config (all private to masher)
- name: add masher ssh dir
  action: file state=directory path=/home/masher/.ssh mode=700 owner=masher group=masher
# Copies masher.id_rsa.pub and masher.config from the releng files tree to
# ~/.ssh/id_rsa.pub and ~/.ssh/config, both mode 600.
- name: add masher ssh keys
  action: copy src=$files/releng/mash/masher.$item dest=/home/masher/.ssh/$item mode=600 owner=masher group=masher
  with_items:
    - id_rsa.pub
    - config

# The private half comes from the separate $private tree, unlike the files
# above, and is installed readable by masher only (600).
# NOTE(review): every host that runs this play receives the same private key;
# confirm that is intended and that $private is kept out of public checkouts.
- name: add masher ssh priv key
  action: copy src=$private/files/mash/masher.id_rsa dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher


# rawhide group, fixed gid 265 (no system= or state= given, module defaults apply)
- name: rawhide group
  action: group name=rawhide gid=265
# rawhide user, fixed uid 265, primary group rawhide
# NOTE(review): home=/tmp is a shared world-writable directory, so any local
# user can place dotfiles (shell startup files, .ssh/) where processes running
# as rawhide will look for them. A dedicated home directory owned by rawhide
# would avoid that - confirm nothing depends on /tmp before changing it.
- name: add rawhide user
  action: user name=rawhide uid=265 group=rawhide home=/tmp comment="rawhide compose account"
 

# Render the releng firewall rules through the template module and restart
# iptables (handler defined outside this file) when the result changes.
# No owner= is given, so ownership follows whichever user the play runs as.
- name: iptables
  action: template src=$files/iptables/releng dest=/etc/sysconfig/iptables mode=600
  notify:
  - restart iptables
  tags:
  - configs

# Install the releng sshd_config verbatim and restart sshd on change.
# NOTE(review): nothing checks the file before the restart; a syntax error in
# sshd_config.releng could leave the host without SSH access. Consider running
# "sshd -t" against the new file first if the Ansible version in use allows it.
- name: sshd_config
  action: copy src=$files/ssh/sshd_config.releng dest=/etc/ssh/sshd_config mode=600
  notify:
  - restart sshd
  tags:
  - sshd_config
  - configs

# Static resolver and hosts files for the phx2 site. Neither task sets mode=
# or owner=, so the resulting permissions depend on the copy module defaults.
- name: /etc/resolv.conf
  action: copy src=$files/resolv.conf/phx2 dest=/etc/resolv.conf
  tags:
  - configs

- name: /etc/hosts
  action: copy src=$files/hosts/releng-hosts dest=/etc/hosts
  tags:
  - configs


# No notify is attached here, so a changed rsyslog.conf is not picked up
# until rsyslog is restarted by some other means.
- name: rsyslog.conf
  action: copy src=$files/rsyslog/rsyslog.conf.releng dest=/etc/rsyslog.conf mode=644
  tags:
  - configs

# Same for postfix: the task below only ensures the service is started and
# enabled, it does not reload it when main.cf changes.
- name: /etc/postfix/main.cf
  action: copy src=$files/postfix/main.cf.releng01 dest=/etc/postfix/main.cf
  tags:
  - configs

- name: ensure postfix is started
  action: service name=postfix state=started enabled=true

# Ensure each listed path exists as a directory. No mode=, owner= or group=
# is passed, so newly created directories get the file module's defaults.
# NOTE(review): /pub/fedora is later used as an NFS mount point in this file;
# /var/spool/rsyslog is presumably the rsyslog work directory - confirm that
# default permissions are acceptable for it.
- name: make a bunch of dirs
  action: file state=directory path=$item
  with_items:
    - /pub
    - /pub/fedora
    - /pub/epel
    - /epel
    - /var/spool/rsyslog

# Drop in the two yum repository definitions that the package installs in
# this file can resolve against.
# NOTE(review): signature checking (gpgcheck / gpgkey) is decided inside the
# copied .repo files, which are not visible here - confirm both repos enforce
# it, since anything served from them is installed as root.
- name: add builder infra yum repo
  action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
  tags:
  - configs

- name: add releng yum repo
  action: copy src=$files/releng/releng.repo dest=/etc/yum.repos.d/releng.repo
  tags:
  - configs

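# Install the compose tooling, one yum call per item. Each package is listed
# once; koji previously appeared twice, which only cost a redundant yum run.
- name: add pkgs
  action: yum  state=installed pkg=$item
  with_items:
    - yum-utils
    - koji
    - strace
    - mock
    - nfs-utils
    - git
    - mash
    - intltool
    - mutt
    - createrepo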

# Install the koji client configuration.
# NOTE(review): the task name says /etc/koji/koji.conf but dest= writes
# /etc/koji.conf - confirm which path is intended and align the two.
- name: /etc/koji/koji.conf
  action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf


# mock configs: copy each compose chroot definition from the releng files
# tree into /etc/mock, world-readable (644).
# NOTE(review): the list has branched i386/x86_64 and rawhide i386 but no
# rawhide x86_64 entry - confirm that is deliberate.
- name: put extra special  mock configs in
  action: copy src=$files/releng/$item dest=/etc/mock/$item mode=644
  with_items:
    - fedora-branched-compose-i386.cfg
    - fedora-rawhide-compose-i386.cfg
    - fedora-branched-compose-x86_64.cfg


# idmapd configuration, followed by enabling and starting the NFS-related
# services. The copy has no notify, so an updated idmapd.conf is not applied
# to an already running rpcidmapd by this file.
- name: idmapd.conf
  action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
  tags:
  - configs

# Each service is both enabled at boot and started now.
- name: enable nfs-related services and run them
  action: service name=$item  enabled=true state=started
  with_items:
  - rpcidmapd
  - rpcbind
  - nfs
  - nfslock


# Static route definition for eth1 (the storage network).
- name: route to netapp network
  action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1

# Applies the routes immediately. The command carries no condition, so it is
# executed on every run of the play, whether or not route-eth1 changed.
- name: add netapp network route
  action: command /etc/sysconfig/network-scripts/ifup-routes eth1

# Read-write NFS mounts of the public tree and the koji volume. Both use
# nodev,nosuid, so device nodes and setuid bits on the share are ignored.
# NOTE(review): only the first mount pins nfsvers=3, and neither sets sec=,
# so access control presumably rests on the filer's export rules for these
# hosts - confirm the exports are restricted to the releng machines.
- name: nfsmount - /pub/fedora
  action: mount name=/pub/fedora src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_ftp/fedora.redhat.com/pub/fedora fstype=nfs opts=rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3 passno=0 dump=0 state=mounted

- name: nfs mount points
  action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=rw,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted

# /mnt/koji is a symlink into the koji volume mounted above.
- name: make a mnt/koji link
  action: file state=link src=/mnt/fedora_koji/koji dest=/mnt/koji

# put cron job in for branched compose; only_if limits it to hosts whose
# inventory name starts with releng01.
# NOTE(review): no mode= or owner= is set on either cron.d file. cron daemons
# typically ignore /etc/cron.d entries that are not root-owned or that are
# group/other-writable, and a writable entry would let others schedule
# commands - consider setting owner=root mode=644 explicitly.
- name: branched compose cron
  action: copy src=$files/releng/branched dest=/etc/cron.d/branched
  only_if: "'${inventory_hostname}'.startswith('releng01')"

# put cron job in for rawhide compose; limited to releng02 the same way
- name: rawhide compose cron
  action: copy src=$files/releng/rawhide dest=/etc/cron.d/rawhide
  only_if: "'${inventory_hostname}'.startswith('releng02')"

# Replace /etc/sudoers wholesale with the releng version from the $private
# tree, mode 0440.
# NOTE(review): the file is installed without a syntax check; a malformed
# sudoers file disables sudo on the host. Consider checking it with
# "visudo -cf" before it lands if the Ansible version in use supports that.
- name: sudoers defaults
  action: copy src=$private/files/sudo/releng-sudoers dest=/etc/sudoers mode=0440
  tags:
  - configs
# Drop-in rule for the ftpsync account.
# NOTE(review): this only takes effect if releng-sudoers includes
# /etc/sudoers.d; the commands it grants should not be files that ftpsync
# itself can modify - confirm both against the private sources.
- name: sudoers for ftpsync
  action: copy src=$private/files/sudo/ftpsync-sudo dest=/etc/sudoers.d/ftpsync mode=0440
  tags:
  - configs

# fedmsg message bus: packages, directories and configuration
- name: fedmsg install
  action: yum  state=installed pkg=$item
  with_items:
    - fedmsg
    # needed for now, until moksha 0.8.8-4 pulls it in.
    - python-bunch
  tags:
  - fedmsg
# Both directories are root-owned and 755, i.e. listable by every local user.
- name: fedmsg.d dir
  action: file state=directory path=/etc/fedmsg.d mode=755 owner=root group=root
  tags:
  - fedmsg
- name: fedmsg cert dir
  action: file state=directory path=/etc/pki/fedmsg mode=755 owner=root group=root
  tags:
  - fedmsg
# The fedmsg configuration is shipped as .py files, world-readable (644).
# NOTE(review): presumably fedmsg loads these as Python, so they should stay
# writable by root only; no owner= is given here - confirm the resulting
# ownership.
- name: fedmsg files
  action: copy src=$files/releng/fedmsg/$item dest=/etc/fedmsg.d/$item mode=644
  with_items:
    - ircbot.py
    - ssl.py
    - endpoints.py
    - base.py
  tags:
  - fedmsg
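# CA certificate that the per-host fedmsg certificates chain to. Tagged
# fedmsg like every other task in this group, so a run limited to
# "--tags fedmsg" installs the CA together with the host cert and key.
- name: fedmsg ca
  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
  with_items:
    - ca.crt
  tags:
  - fedmsg
# Per-host signing material. Each only_if selects by inventory hostname
# prefix, so releng01 and releng02 each receive only their own pair.
# Certificates are world-readable (644). Keys are 640 with group=masher and
# no owner=, so they are readable by the file's owner and by members of
# group masher only.
- name: fedmsg cert
  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
  with_items:
    - bodhi-releng01.phx2.fedoraproject.org.crt
  tags:
  - fedmsg
  only_if: "'${inventory_hostname}'.startswith('releng01')"
- name: fedmsg key
  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
  with_items:
    - bodhi-releng01.phx2.fedoraproject.org.key
  tags:
  - fedmsg
  only_if: "'${inventory_hostname}'.startswith('releng01')"
- name: fedmsg cert
  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
  with_items:
    - bodhi-releng02.phx2.fedoraproject.org.crt
  tags:
  - fedmsg
  only_if: "'${inventory_hostname}'.startswith('releng02')"
- name: fedmsg key
  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
  with_items:
    - bodhi-releng02.phx2.fedoraproject.org.key
  tags:
  - fedmsg
  only_if: "'${inventory_hostname}'.startswith('releng02')"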

